Cisco IPS 7.0: Implementing Cisco Unity Express in CUCM Express Environment


Overview/Description
Target Audience
Expected Duration
Lesson Objectives
Course Number


Overview/Description
After you have configured the sensing interfaces of a Cisco Intrusion Prevention System (IPS) sensor, you will need to attach them to the sensor analysis engine, and optionally tune basic, low-level analysis options that apply to inspected traffic. In this course, you will learn about virtual sensors and their session tracking modes, traffic sources and analysis engine settings, inline normalization and promiscuous mode reassembly options, IP version 6 (IPv6) support and how to configure the bypass feature. This course also introduces the configuration of the built-in signatures in the Cisco Intrusion Prevention System (IPS) sensor products. You will be able to find individual signatures and classes of signatures, and perform basic signature-related configuration actions. You will also learn how to configure the actions that you would like the sensor to take, and configure the two configuration mechanisms that allow you to scalably change responses for a large number of signatures.

Target Audience
Anyone wishing to obtain the Cisco Certified Network Professional CCNP Security, Cisco Certified Security Professional CCSP Certification or Cisco IPS Specialist Certification designation. Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure. Candidates who have completed the Cisco Certified Network Associate Security Certification - Implementing Cisco IOS Network Security (IINS)

Expected Duration (hours)
3.0

Lesson Objectives

Cisco IPS 7.0: Implementing Cisco Unity Express in CUCM Express Environment

  • describe a default virtual sensor
  • identify the characteristics of traffic normalization in inline sensor mode
  • describe the configuration parameters for TCP stream reassembly in promiscuous mode
  • recognize when to use virtual sensor, interface and VLAN and VLAN only TCP session tracking modes
  • identify the major characteristics of Cisco IPS software bypass
  • assign the Cisco IPS sensor inline interface pair to the default virtual sensor to enable traffic inspection
  • recognize the characteristics of Cisco IPS sensor generated alerts
  • identify the characteristics of Cisco IPS sensor software version 7.0
  • describe how to configure basic signature properties
  • choose appropriate preventative signature actions for a particular scenario
  • describe the guidelines for detective and preventative signature actions
  • describe how ACLs are used on blocking devices
  • configure remote blocking on a Cisco IPS sensor for a particular scenario
  • identify the characteristics of IP logging in a Cisco IPS sensor
  • describe the components of a risk rating system
  • calculate the risk rating value for a particular event
  • select the appropriate active signature configuration tool for a particular scenario
  • manually configure and select signature responses
  • recognize the benefits and limitation of signature action response strategies

    • Course Number:
    cc_ipss_a05_it_enus